Policy Board terms of reference 


iD, 
1.1 


1.2 


Purpose 


The overall purpose of the SLT Boards is to deliver SLT’s purpose 
of strategic oversight and delivery of cross-office priorities and 
plans. The Boards were created to ensure that sufficient capacity 
within these meetings for consideration, challenge, and scrutiny 
to deliver SLT’s collective role. 


The Policy Board is tasked with ensuring the ICO has clear policy 
positions in place to both guide and underpin our work as a 
regulator. The Board is also responsible for supporting and 
developing the ICO’s Policy Profession and our policy development 
methodology. 


Responsibilities 


The Board will consider, and make decisions on, two types of 
paper: 


e Approach papers: A paper setting out our current 
understanding of a policy issue. It should describe what we 
already know, where the potential risks and trade offs lie 
and any views on the likely time horizons for the issue, as 
well as how the paper authors intend to approach further 
development of the issue to reach a proposed policy 
position. This should include details of planned input from 
internal/external stakeholders, relationship to other relevant 
work and plans for gathering/commissioning appropriate 
evidence/research. The role of this paper is to: test with 
Policy Board whether the articulation of the issue and 
associated risks and trade-offs is accurate; and get input 
from Policy on links to existing internal/external work, 
stakeholder engagement and approach to developing an 
evidence base. 


° Policy position paper: A paper setting out the issue, risks 
and trade-offs as above, but which also sets out the 
proposed policy position, why this is preferred and any 


the outlined alternatives, providing clear rationale when an 
alternative position is chosen. 


2.2 The Board is responsible for: 


2.3 In 


considering significant and pressing issues of strategic policy 
direction and resolving these; 


regularly considering, and actively identifying, ICO horizon 
scanning opportunities and advising on future areas for further 
policy development that will inform the ICO’s regulatory 
strategy; 


advising on potentially far reaching or high profile issues 
around legislative interpretation; 


reconciling different policy or interpretative approaches and 
ensuring consistency; 


identifying areas where policy products, including guidance, 
are required outside planned activities; 


acting as an escalation mechanism for regulatory activities 
such as providing formal opinions on Data Protection Impact 
Assessments where the proposed approach may be far 
reaching and have significant regulatory effect or likely to 
attract widespread attention. 


exercising these responsibilities, the Policy Board will: 


ensure alignment with the ICO’s Information Rights Strategic 
Plan, Regulatory Action Policy and subordinate published 
strategies; 


ensure that activities accord with the ICO policy development 
methodology as necessary; 


take account of ICO horizon scanning analysis and commission 
further analysis when needed; 


from the strategic policy issues considered, identify and take 
into account any wider effects for the ICO’s activities including 
the work of the Regulatory Panel and Regulatory Delivery 
Board; 


take into account better regulation duties including economic 
impact, especially on small controllers and public authorities; 


have regard to existing relevant published guidance, especially 
by the EDPB and other regulators; 


2.4 


2.5 


5.1 


e take into account the wider geopolitical environment and the 
impact that decisions may have in the context of the ICO’s 
international strategy. 


The Policy Board is also responsible for ensuring that equality, 
diversity and inclusion (EDI) considerations are continually 
considered and addressed throughout the ICO’s work. The Board 
is also responsible for ensuring the delivery of the ICO’s equality 
objectives (within the Board’s remit). The Board may refer issues 
to the EDI Board as appropriate, and consider issues referred to it 
by the EDI Board. Analysis of EDI considerations must be included 
in all papers brought to the Board, in line with the approach set 
out in the Regulatory Policy Methodology. 


The Policy Board does not make decisions about use of ICO 
powers, including regulatory action against data controllers or 
data processors. 


Work Programme 


The Policy Board will maintain a work programme which sets out 
its expected activities to meet these responsibilities for the next 
12 months. The Policy Board will consider this work programme at 
each meeting. Corporate Governance will keep this work 
programme up to date based on the information provided by 
Board members. 


Authority 


The Board derives its authority from ET and SLT. Where work of 
the Board is materially contributing to achieving ET’s goals, the 
Board will report this to ET for assurance. Where the work of the 
Board introduces a significant risk to achieving ET’s goals, the 
Board will refer that to the relevant ET member, who may refer 
this to ET for decision. ET’s goals are provided as an annex to 
these Terms of Reference. 


Reporting to other bodies 


Senior Leadership Team 


The Chair of the Board will provide a report on the Board's 
activities to each meeting of SLT. This includes highlighting any 
issues to be discussed at future Board meetings, to facilitate 
advanced consultation.The Board's work programme will also be 
provided to each SLT meeting for information. 


5.2 


5.3 


5.4 


5.5 


5.6 


5.7 


5.8 


Where required, other members of the Board Networks may 
attend SLT meetings to provide information or input from the 
Policy Board. 


Other Boards 


The Policy Board will work collaboratively with the other Boards as 
appropriate, ensuring that views of other Boards are considered 
when the Policy Board exercises its responsibilities, and 
understanding that other Boards will act similarly in considering 
the Policy Board’s views. This may happen at an informal level 
between Board Chairs or Board members. 


The Policy Board will highlight issues to SLT or refer issues to 
other Boards for information where it is clear that another Board 
should be aware of the work of the Policy Board. 


There is no overlap between the roles of the Boards. However, in 
exceptional circumstances, there may be issues where approval is 
required by more than one Board before action can be taken. This 
should be avoided wherever possible through discussion between 
Board chairs and consultation between Board members. However, 
where this is unavoidable, the same report should be reframed 
and presented to both Board meetings, with a clear 
recommendation on the specific decision needed from each Board. 
Outcomes from one Board will be reported to the other Boards. 
Corporate Governance will facilitate this process. 


In the event of a conflict between two Boards, the Chairs should 
meet to determine the way forward and inform Corporate 
Governance accordingly. If conflict remains, the matter should be 
referred to SLT for decision. 


Programmes 


The Policy Board may be responsible for the delivery of a range of 
programmes. These will be delivered through a separate 
programme board, but as required this programme board will 
report to the Policy Board to ensure appropriate oversight. 


Executive Team 


The Board may refer issues to ET where they require clarity, 
direction and approval in areas of greatest corporate risk or 
opportunity. Steve Wood, in his role as Policy Board member and 
ET lead for the policy profession, will provide a regular update to 
Policy Board of policy issues discussed at ET. 


5.9 


7.2 


Management Board 


Minutes of Board meetings will be presented to the Management 
Board for information. 


Chair 


The Board is chaired by the Director of Regulatory Futures. 


When the chair is unavailable for a meeting, they will nominate a 
substitute to chair the meeting in their absence. 


Composition 


The Board comprises: 


The Chair (Director of Regulatory Futures) 


Deputy Commissioner (Executive Director - Regulatory 
Strategy) 


Director of High Priority Investigations and Intelligence 
Director of Investigations 

Director of Legal Services (Regulatory Advice & Commercial) 
Director of Legal Services (Regulatory Enforcement) 

Acting Director of Regulatory Assurance 


Director of Regulatory Strategy (Parliament and Government 
Affairs) 


Director of Technology and Innovation 

Director of Operation Chandra 

Director of Economic Analysis and Regulatory Portfolios 
Head of DP Complaints Service 

Head of FOI Complaints and Appeals 

Head of Intelligence 

Head of Legal Services (Regulatory Advice and Commercial) 
Head of Knowledge Services 

Head of Regulatory Assurance (Supervision) 


Head of Technology Policy 


If a member is unable to attend the meeting, they should 
nominate a substitute to attend in their place, and inform 
Corporate Governance accordingly. 


7.3 


7.4 


7.5 


9.2 


9.3 
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10.1 


The Commissioner and Executive Team will be invited to attend 
all Policy Board meetings to provide strategic direction and vision. 


The Chair may amend this membership as required. They will 
report this to the next meeting of the Board when doing so, 
including the reasons for the change in membership. Corporate 
Governance will then update the Terms of Reference. 


The Chair may also invite any other ICO staff to Board meetings 
as required. This may include Chairs of other Boards, where an 
issue with crossover to that Board's area of responsibilities is due 
to be discussed. All Directors will receive papers for Policy Board 
meetings, and may attend any meetings where they believe their 
attendance. 


Quorum 
The quorum is: 
e The Chair (or their nominated substitute) 


e Any other four members (including Executive Team members) 
and where the Chair is satisfied that a suitably broad range of 
views will be available given the agenda items to be 
considered. 


Information requirements 


All Board members are responsible for ensuring that appropriate 
information is provided to the Board to complete its 
responsibilities, including appropriate consultation to ensure that 
all potential impacts are considered before decisions are made. 
The Chair is ultimately responsible for determining what 
information is required. 


The agenda will be agreed by the Chair. The agenda and succinct 
supporting papers, making clear the decision to be considered, 
will be circulated to attendees no later than three clear working 
days in advance of the meeting. 


Following Board meetings, members of the Regulatory Futures 
Directorate will circulate communications to members of the 
policy profession on matters considered by the Board. 


Budget 


The Board has no specific budget. Any work commissioned by the 
Board will be funded from budgets within the relevant 
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13 
13.1 


13.2 


13.3 


14 
14.1 


15 


Directorate(s), or funded through an approved business case 
where necessary. This should be exercised in accordance with all 
other ICO budget controls. 


Secretariat 
Secretariat is provided by the Corporate Governance Team. 
Frequency of meetings 


The Board should normally meet monthly and will meet at least 
six times per year. 


Due to the nature of the Board's work, there will be occasions on 
which additional meetings are required to consider specific policy 
issues. The Chair is empowered to convene these meetings as 
required. 


Decision-making between meetings 


In the event that an urgent decision is required between meetings 
and the Chair considers that the issue does not justify convening 
an additional meeting, the Policy Board may consider reports by 
correspondence, particularly those reports not likely to require 
significant discussion. Corporate Governance will facilitate this. 


Any reports considered on this basis must receive sufficient 
responses to constitute the quorum for a Policy Board meeting. 
Policy Board members will usually be given one week to consider 
reports circulated by email, but if a clear consensus emerges 
before that, the decision may be implemented sooner. If 
significant discussion is required, the report should be referred to 
the next Policy Board meeting. 


Corporate Governance will provide a report to each Policy Board 
meeting on any matters considered by email, the comments 
received and the outcome of the consideration. 


Evaulation 


On an annual basis (or more frequently if required), SLT will 
review the ICO's corporate governance structure to ensure that it 
remains appropraite. The Boards should ensure that 
arrangements are in place to enable it to feed in to this review 
and satisfy iteself that it is discharging its responsibilities 
effectively and efficiently. 


Publication of papers 


15.1 The agenda for each meeting will be published internally via 
SharePoint. The minutes will be published internally via 
SharePoint, once approved. Reports will be published internally 
via SharePoint where deemed appropriate by report authors. 


15.1 Agendas, minutes and reports will not be published externally. 
16 Links to other forums 


15.1 The Board's place in the overall governance structure is set out in 
the diagram below. 


15.2 The Policy Board supports the work of the Regulatory Board and 
the ICO’s regulatory activities by making strategic policy decisions 
that are likely to have a future enduring bearing on the ICO’s 
regulatory functions or interpretation of the law we regulate. 


15.3 The Policy Board complements the work of ET, SLT and the other 
Boards by providing clear direction, building on established policy 
positions, to support the achievement of strategic objectives. 


15.4 The Policy Board also complements the work of the Policy Advice 
Service Virtual Decision Board, which makes more immediate 
decisions in response to requests for specific policy advice where 
clarity is required on existing lines. This Policy Advice Service 
Virtual Decision Board will also refer matters with greater 
strategic implications to the Policy Board. 
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Annex — Executive Team goals 


Position of the organisation as the information rights regulator - 
setting the vision and mission and ensuring that all activities, either 
directly or indirectly, contribute towards it. Long-term horizon 
scanning, ensuring the strategic direction is based on a collective 
understanding of policy issues; using outside perspective to ensure 
that the ICO is challenged on its outcomes and understanding the 
perspective of others, in particular the regulated community and the 
public. 


Setting the tone and culture of the ICO - setting the ICO’s risk 
appetite and ensuring controls are in place to manage risk; agreeing 
and monitoring the ICO’s people related strategies and plans, 
monitoring the organisation’s compliance culture and ensuring there 
is a clear vision for the way the ICO works and understanding of its 
values. 


Ensuring the ICO has the capacity and capability it needs - 
determining sign-off of large operational projects or programmes; 
ensuring sound financial management; scrutinising the allocation of 
financial and human resources to achieve the plan and ensuring 
organisational design supports attaining strategic objectives. 
Evaluation of the Board and its members and succession planning to 
ensure the ICO has the capability to deliver and to plan to meet 
current and future needs. 


Defining the perception of the ICO - agreeing plans and strategies; 
setting objectives for strategic engagement activities; driving the 
ICO to be an effective, modern, independent regulator. 


Monitoring the performance of the ICO towards achieving its 
strategic goals - ensuring clear, consistent, comparable 
performance information is used to drive improvements and 
demonstrate the impact of the work of the organisation. Monitoring 
and steering performance against plan; scrutinising performance 
and setting the ICO’s standards and values, holding the Executive to 
account for delivery of its plans and strategies. 


